Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vrealize_log_insight
(Vmware)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-04-15 | CVE-2020-3953 | Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. | Vrealize_log_insight | 4.8 | ||
| 2020-04-15 | CVE-2020-3954 | Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. | Vrealize_log_insight | 6.1 | ||
| 2021-08-30 | CVE-2021-22021 | VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link. | Cloud_foundation, Vrealize_log_insight | 5.4 | ||
| 2021-10-13 | CVE-2021-22035 | VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log Insight which could be executed in user's environment. | Cloud_foundation, Vrealize_log_insight, Vrealize_suite_lifecycle_manager | 4.3 | ||
| 2022-07-12 | CVE-2022-31654 | VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations. | Vrealize_log_insight | 5.4 |